Intrusion detection system

System to detect unauthorised attempts to access a system or network

An intrusion detection system is any system designed to detect intrusions, or unauthorised attempts to access, change or in any way manipulate a computer system or network.

Such systems can be network-based (NIDS), sitting at the network edge monitoring all traffic reaching or leaving the network and looking out for irregular activity - a well-known example of a NIDS system is Snort. They can also focus on individual protocols or applications, for example running on a web or application server and monitoring traffic passing through a particular port or protocol, or communications to a particular piece of server software.

Intrusion detection can also run on an individual host, covering the whole system and watching all activity for signs of intrusion, illegal modification or data leakage. Such a system is known as a host-based intrusion detection system, or HIDS.

Glossary


	Similar entries Anti-malware Anti-spyware Anti-virus Behaviour blocker Blacklist CAPTCHA Challenge-response Content filtering Demilitarized Zone Encryption Firewall Heuristics Intrusion prevention system Layered defence OCR On-access scanning Patch Patch Tuesday Public Key Cryptography Service pack Spam filter URL filtering Walled garden Whitelisting See also Glossary Resources

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB2012


	VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,243 registered users.

Fighting malware and spam

Intrusion detection system

See also